Keeping Your Microsoft Account Secure

When I write about funneling everything through SkyDrive and its associated Microsoft account—now still called a Windows Live ID—I get a couple of predictable questions. First, does Microsoft offer two-factor authentication, like Google? And second, is SkyDrive protected with some form of encryption and cloud-based document versioning?

Microsoft can’t help you with that second one. But a new post on the awkwardly named Inside SkyDrive, Hotmail, and Messenger blog discusses a security feature I do use that offers some of the functionality and protection of two-factor authentication.

“I wanted to take the time to share at a high level how we protect our customers from attacks, and re-emphasize what each of you can do to better protect yourself,” Microsoft’s Eric Doerr writes in the post that is a response, of sorts to a recent episode in which as many as 450,000 Gmail, AOL, Hotmail, and Yahoo passwords were allegedly stolen. “Where there is a credible threat, the answer is simple – we err on the side of protecting customers.”

In a list of common-sense tactics one should take to protect themselves online, Doerr mentions a little-known security feature of Windows Live called security proofs. This feature lets you add a phone, email address, or trusted PC as a proof, and then use one to recover your account if you ever lose access. This feature is integrated into Windows 8, by the way, so that when you first sign-in with your Microsoft account, you’re prompted to verify your security proofs in a security verification screen.